tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
random: use random.trust_{bootloader,cpu} command line option only
It's very unusual to have both a command line option and a compile time
option, and apparently that's confusing to people. Also, basically
everybody enables the compile time option now, which means people who
want to disable this wind up having to use the command line option to
ensure that anyway. So just reduce the number of moving pieces and nix
the compile time option in favor of the more versatile command line
option.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+13
-59
+8
-10
Documentation/admin-guide/kernel-parameters.txt
+8
-10
Documentation/admin-guide/kernel-parameters.txt
···
4566
4566
4567
4567
ramdisk_start= [RAM] RAM disk image start address
4568
4568
4569
-
random.trust_cpu={on,off}
4570
-
[KNL] Enable or disable trusting the use of the
4571
-
CPU's random number generator (if available) to
4572
-
fully seed the kernel's CRNG. Default is controlled
4573
-
by CONFIG_RANDOM_TRUST_CPU.
4569
+
random.trust_cpu=off
4570
+
[KNL] Disable trusting the use of the CPU's
4571
+
random number generator (if available) to
4572
+
initialize the kernel's RNG.
4574
4573
4575
-
random.trust_bootloader={on,off}
4576
-
[KNL] Enable or disable trusting the use of a
4577
-
seed passed by the bootloader (if available) to
4578
-
fully seed the kernel's CRNG. Default is controlled
4579
-
by CONFIG_RANDOM_TRUST_BOOTLOADER.
4574
+
random.trust_bootloader=off
4575
+
[KNL] Disable trusting the use of the a seed
4576
+
passed by the bootloader (if available) to
4577
+
initialize the kernel's RNG.
4580
4578
4581
4579
randomize_kstack_offset=
4582
4580
[KNL] Enable or disable kernel stack offset
-1
arch/powerpc/configs/microwatt_defconfig
-1
arch/powerpc/configs/microwatt_defconfig
-2
arch/s390/configs/debug_defconfig
-2
arch/s390/configs/debug_defconfig
-2
arch/s390/configs/defconfig
-2
arch/s390/configs/defconfig
-1
arch/s390/configs/zfcpdump_defconfig
-1
arch/s390/configs/zfcpdump_defconfig
-36
drivers/char/Kconfig
-36
drivers/char/Kconfig
···
423
423
and SSM (Silicon Secured Memory). Intended consumers of this
424
424
driver include crash and makedumpfile.
425
425
426
-
config RANDOM_TRUST_CPU
427
-
bool "Initialize RNG using CPU RNG instructions"
428
-
default y
429
-
help
430
-
Initialize the RNG using random numbers supplied by the CPU's
431
-
RNG instructions (e.g. RDRAND), if supported and available. These
432
-
random numbers are never used directly, but are rather hashed into
433
-
the main input pool, and this happens regardless of whether or not
434
-
this option is enabled. Instead, this option controls whether the
435
-
they are credited and hence can initialize the RNG. Additionally,
436
-
other sources of randomness are always used, regardless of this
437
-
setting. Enabling this implies trusting that the CPU can supply high
438
-
quality and non-backdoored random numbers.
439
-
440
-
Say Y here unless you have reason to mistrust your CPU or believe
441
-
its RNG facilities may be faulty. This may also be configured at
442
-
boot time with "random.trust_cpu=on/off".
443
-
444
-
config RANDOM_TRUST_BOOTLOADER
445
-
bool "Initialize RNG using bootloader-supplied seed"
446
-
default y
447
-
help
448
-
Initialize the RNG using a seed supplied by the bootloader or boot
449
-
environment (e.g. EFI or a bootloader-generated device tree). This
450
-
seed is not used directly, but is rather hashed into the main input
451
-
pool, and this happens regardless of whether or not this option is
452
-
enabled. Instead, this option controls whether the seed is credited
453
-
and hence can initialize the RNG. Additionally, other sources of
454
-
randomness are always used, regardless of this setting. Enabling
455
-
this implies trusting that the bootloader can supply high quality and
456
-
non-backdoored seeds.
457
-
458
-
Say Y here unless you have reason to mistrust your bootloader or
459
-
believe its RNG facilities may be faulty. This may also be configured
460
-
at boot time with "random.trust_bootloader=on/off".
461
-
462
426
endmenu
+5
-5
drivers/char/random.c
+5
-5
drivers/char/random.c
···
748
748
*
749
749
* add_bootloader_randomness() is called by bootloader drivers, such as EFI
750
750
* and device tree, and credits its input depending on whether or not the
751
-
* configuration option CONFIG_RANDOM_TRUST_BOOTLOADER is set.
751
+
* command line option 'random.trust_bootloader'.
752
752
*
753
753
* add_vmfork_randomness() adds a unique (but not necessarily secret) ID
754
754
* representing the current instance of a VM to the pool, without crediting,
···
774
774
*
775
775
**********************************************************************/
776
776
777
-
static bool trust_cpu __initdata = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);
778
-
static bool trust_bootloader __initdata = IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER);
777
+
static bool trust_cpu __initdata = true;
778
+
static bool trust_bootloader __initdata = true;
779
779
static int __init parse_trust_cpu(char *arg)
780
780
{
781
781
return kstrtobool(arg, &trust_cpu);
···
926
926
EXPORT_SYMBOL_GPL(add_hwgenerator_randomness);
927
927
928
928
/*
929
-
* Handle random seed passed by bootloader, and credit it if
930
-
* CONFIG_RANDOM_TRUST_BOOTLOADER is set.
929
+
* Handle random seed passed by bootloader, and credit it depending
930
+
* on the command line option 'random.trust_bootloader'.
931
931
*/
932
932
void __init add_bootloader_randomness(const void *buf, size_t len)
933
933
{